X-Git-Url: https://git.deb.at/?p=pkg%2Fblosxom.git;a=blobdiff_plain;f=blosxom.cgi;h=590e0f2b4adfd76dc2f0220daecd96449266bfb7;hp=5b4ab039a6c55e51deeaba0085fba2fa0852566c;hb=94acc2bbef346aacd861c5dd3cb03dc260294c14;hpb=fd2b772eb0de12656ffe73514a083da6d5d590bd diff --git a/blosxom.cgi b/blosxom.cgi index 5b4ab03..590e0f2 100755 --- a/blosxom.cgi +++ b/blosxom.cgi @@ -1,8 +1,8 @@ #!/usr/bin/perl # Blosxom -# Author: Rael Dornfest (2002-2003), The Blosxom Development Team (2005-2008) -# Version: 2.1.2 ($Id: blosxom.cgi,v 1.92 2009/03/08 01:11:15 xtaran Exp $) +# Author: Rael Dornfest (2002-2003), The Blosxom Development Team (2005-2009) +# Version: 2.1.2 ($Id: blosxom.cgi,v 1.98 2009/07/19 17:18:37 xtaran Exp $) # Home/Docs/Licensing: http://blosxom.sourceforge.net/ # Development/Downloads: http://sourceforge.net/projects/blosxom @@ -142,6 +142,11 @@ $encode_xml_entities = 1; # can change this, too) $encode_8bit_chars = 0; +# RegExp matching all characters which should be URL encoded in links. +# Defaults to anything but numbers, letters, slash, colon, dash, +# underscore and dot. +$url_escape_re = qr([^-/a-zA-Z0-9:._]); + # -------------------------------- =head1 ENVIRONMENT @@ -191,8 +196,55 @@ development was picked up by a team of dedicated users of blosxom since =cut -use vars - qw! $version $blog_title $blog_description $blog_language $blog_encoding $datadir $url %template $template $depth $num_entries $file_extension $default_flavour $static_or_dynamic $config_dir $plugin_list $plugin_path $plugin_dir $plugin_state_dir @plugins %plugins $static_dir $static_password @static_flavours $static_entries $path_info_full $path_info $path_info_yr $path_info_mo $path_info_da $path_info_mo_num $flavour $static_or_dynamic %month2num @num2month $interpolate $entries $output $header $show_future_entries %files %indexes %others $encode_xml_entities $encode_8bit_chars $content_type !; +use vars qw! + $version + $blog_title + $blog_description + $blog_language + $blog_encoding + $datadir + $url + %template + $template + $depth + $num_entries + $file_extension + $default_flavour + $static_or_dynamic + $config_dir + $plugin_list + $plugin_path + $plugin_dir + $plugin_state_dir + @plugins + %plugins + $static_dir + $static_password + @static_flavours + $static_entries + $path_info_full + $path_info + $path_info_yr + $path_info_mo + $path_info_da + $path_info_mo_num + $flavour + $static_or_dynamic + %month2num + @num2month + $interpolate + $entries + $output + $header + $show_future_entries + %files + %indexes + %others + $encode_xml_entities + $encode_8bit_chars + $url_escape_re + $content_type +!; use strict; use FileHandle; @@ -671,7 +723,7 @@ sub generate { package blosxom; my $template = shift; # Interpolate scalars, namespaced scalars, and hash/hashref scalars - $template =~ s/(\$\w+(?:::\w+)*(?:(?:->)?{(['"]?)[-\w]+\2})?)/"defined $1 ? $1 : ''"/gee; + $template =~ s/(\$\w+(?:::\w+)*(?:(?:->)?{([\'\"]?)[-\w]+\2})?)/"defined $1 ? $1 : ''"/gee; return $template; }; @@ -806,18 +858,20 @@ sub generate { } } + # Save unescaped versions and allow them to be used in + # flavour templates. + use vars qw/$url_unesc $path_unesc $fn_unesc/; + $url_unesc = $url; + $path_unesc = $path; + $fn_unesc = $fn; + + # Fix special characters in links inside XML content if ( $encode_xml_entities && $content_type =~ m{\bxml\b} && $content_type !~ m{\bxhtml\b} ) { # Escape special characters inside the container - # The following line should be moved more towards to top for - # performance reasons -- Axel Beckert, 2008-07-22 - my $url_escape_re = qr([^-/a-zA-Z0-9:._]); - - $url =~ s($url_escape_re)(sprintf('%%%02X', ord($&)))eg; - $path =~ s($url_escape_re)(sprintf('%%%02X', ord($&)))eg; - $fn =~ s($url_escape_re)(sprintf('%%%02X', ord($&)))eg; + &url_escape_url_path_and_fn(); # Escape <, >, and &, and to produce valid RSS $title = blosxom_html_escape($title); @@ -827,10 +881,9 @@ sub generate { $fn = blosxom_html_escape($fn); } + # Fix special characters in links inside XML content if ($encode_8bit_chars) { - $url =~ s([^-a-zA-Z0-9_./:])(sprintf('%%%02X', ord($&)))ge; - $path =~ s([^-a-zA-Z0-9_./:])(sprintf('%%%02X', ord($&)))ge; - $fn =~ s([^-a-zA-Z0-9_./:])(sprintf('%%%02X', ord($&)))ge; + &url_escape_url_path_and_fn(); } $story = &$interpolate($story); @@ -890,6 +943,12 @@ sub nice_date { return ( $dw, $mo, $mo_num, $da, $ti, $yr, $utc_offset ); } +sub url_escape_url_path_and_fn { + $url =~ s($url_escape_re)(sprintf('%%%02X', ord($&)))eg; + $path =~ s($url_escape_re)(sprintf('%%%02X', ord($&)))eg; + $fn =~ s($url_escape_re)(sprintf('%%%02X', ord($&)))eg; +} + # Default HTML and RSS template bits __DATA__ html content_type text/html; charset=$blog_encoding